Read the SSL Certificate information from a remote server | openssl s_client -connect www.feistyduck.com:443 -CAfile /etc/ssl/certs /ca-certificates.crt

You may want to monitor the validity of an SSL certificate from a remote server, without having the certificate.crt text file locally on your server? You can use the same openssl for that.
To connect to a remote host and retrieve the public key of the SSL certificate, use the following command.
openssl s_client -connect www.feistyduck.com:443 -CAfile /etc/ssl/certs -CAfile /etc/ssl/certs /ca-certificates.crt
$ openssl s_client -showcerts -connect ma.ttias.be:443
This will connect to the host ma.ttias.be on port 443 and show the certificate. It's output looks like this.
$ openssl s_client -showcerts -connect ma.ttias.be:443

-----BEGIN CERTIFICATE-----
MIIEzTCCA7WgAwIBAgISESHAjlbjcoBHxBYXS12oY6VjMA0GCSqGSIb3DQEBCwUA
...
CzgXBhDR3themzPx4jwx2ckNFpNDK/6yQgrKaHTewAAj
-----END CERTIFICATE-----
---
Server certificate
subject=/C=BE/OU=Domain Control Validated/CN=ma.ttias.be
issuer=/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2
---
There's many more output, like the intermediate CA certificates, the raw certificates (encoded) and more information on the ciphers used to negotiate with the remote server.
You can use it to find the expiration date, to test for SSL connection errors, ...

Comments

Popular posts from this blog

HAproxy logging

teamcity Automatic Agent Start under Linux

NFS mount add in fstab _netdev instead of default | firewall-cmd --list-all